[github/shaarli/Shaarli.git] / application / front / controller / visitor / InstallController.php

<?php

declare(strict_types=1);

namespace Shaarli\Front\Controller\Visitor;

use Shaarli\ApplicationUtils;
use Shaarli\Bookmark\BookmarkFilter;
use Shaarli\Container\ShaarliContainer;
use Shaarli\Front\Exception\AlreadyInstalledException;
use Shaarli\Front\Exception\ResourcePermissionException;
use Shaarli\Languages;
use Shaarli\Security\SessionManager;
use Slim\Http\Request;
use Slim\Http\Response;

/**
 * Slim controller used to render install page, and create initial configuration file.
 */
class InstallController extends ShaarliVisitorController
{
    public const SESSION_TEST_KEY = 'session_tested';
    public const SESSION_TEST_VALUE = 'Working';

    public function __construct(ShaarliContainer $container)
    {
        parent::__construct($container);

        if (is_file($this->container->conf->getConfigFileExt())) {
            throw new AlreadyInstalledException();
        }
    }

    /**
     * Display the install template page.
     * Also test file permissions and sessions beforehand.
     */
    public function index(Request $request, Response $response): Response
    {
        // Before installation, we'll make sure that permissions are set properly, and sessions are working.
        $this->checkPermissions();

        if (static::SESSION_TEST_VALUE
            !== $this->container->sessionManager->getSessionParameter(static::SESSION_TEST_KEY)
        ) {
            $this->container->sessionManager->setSessionParameter(static::SESSION_TEST_KEY, static::SESSION_TEST_VALUE);

            return $this->redirect($response, '/install/session-test');
        }

        [$continents, $cities] = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get());

        $this->assignView('continents', $continents);
        $this->assignView('cities', $cities);
        $this->assignView('languages', Languages::getAvailableLanguages());

        return $response->write($this->render('install'));
    }

    /**
     * Route checking that the session parameter has been properly saved between two distinct requests.
     * If the session parameter is preserved, redirect to install template page, otherwise displays error.
     */
    public function sessionTest(Request $request, Response $response): Response
    {
        // This part makes sure sessions works correctly.
        // (Because on some hosts, session.save_path may not be set correctly,
        // or we may not have write access to it.)
        if (static::SESSION_TEST_VALUE
            !== $this->container->sessionManager->getSessionParameter(static::SESSION_TEST_KEY)
        ) {
            // Step 2: Check if data in session is correct.
            $msg = t(
                '<pre>Sessions do not seem to work correctly on your server.<br>'.
                'Make sure the variable "session.save_path" is set correctly in your PHP config, '.
                'and that you have write access to it.<br>'.
                'It currently points to %s.<br>'.
                'On some browsers, accessing your server via a hostname like \'localhost\' '.
                'or any custom hostname without a dot causes cookie storage to fail. '.
                'We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>'
            );
            $msg = sprintf($msg, $this->container->sessionManager->getSavePath());

            $this->assignView('message', $msg);

            return $response->write($this->render('error'));
        }

        return $this->redirect($response, '/install');
    }

    /**
     * Save installation form and initialize config file and datastore if necessary.
     */
    public function save(Request $request, Response $response): Response
    {
        $timezone = 'UTC';
        if (!empty($request->getParam('continent'))
            && !empty($request->getParam('city'))
            && isTimeZoneValid($request->getParam('continent'), $request->getParam('city'))
        ) {
            $timezone = $request->getParam('continent') . '/' . $request->getParam('city');
        }
        $this->container->conf->set('general.timezone', $timezone);

        $login = $request->getParam('setlogin');
        $this->container->conf->set('credentials.login', $login);
        $salt = sha1(uniqid('', true) .'_'. mt_rand());
        $this->container->conf->set('credentials.salt', $salt);
        $this->container->conf->set('credentials.hash', sha1($request->getParam('setpassword') . $login . $salt));

        if (!empty($request->getParam('title'))) {
            $this->container->conf->set('general.title', escape($request->getParam('title')));
        } else {
            $this->container->conf->set(
                'general.title',
                'Shared bookmarks on '.escape(index_url($this->container->environment))
            );
        }

        $this->container->conf->set('translation.language', escape($request->getParam('language')));
        $this->container->conf->set('updates.check_updates', !empty($request->getParam('updateCheck')));
        $this->container->conf->set('api.enabled', !empty($request->getParam('enableApi')));
        $this->container->conf->set(
            'api.secret',
            generate_api_secret(
                $this->container->conf->get('credentials.login'),
                $this->container->conf->get('credentials.salt')
            )
        );
        $this->container->conf->set('general.header_link', $this->container->basePath);

        try {
            // Everything is ok, let's create config file.
            $this->container->conf->write($this->container->loginManager->isLoggedIn());
        } catch (\Exception $e) {
            $this->assignView('message', t('Error while writing config file after configuration update.'));
            $this->assignView('stacktrace', $e->getMessage() . PHP_EOL . $e->getTraceAsString());

            return $response->write($this->render('error'));
        }

        if ($this->container->bookmarkService->count(BookmarkFilter::$ALL) === 0) {
            $this->container->bookmarkService->initialize();
        }

        $this->container->sessionManager->setSessionParameter(
            SessionManager::KEY_SUCCESS_MESSAGES,
            [t('Shaarli is now configured. Please login and start shaaring your bookmarks!')]
        );

        return $this->redirect($response, '/');
    }

    protected function checkPermissions(): bool
    {
        // Ensure Shaarli has proper access to its resources
        $errors = ApplicationUtils::checkResourcePermissions($this->container->conf);
        if (empty($errors)) {
            return true;
        }

        $message = t('Insufficient permissions:') . PHP_EOL;
        foreach ($errors as $error) {
            $message .= PHP_EOL . $error;
        }

        throw new ResourcePermissionException($message);
    }
}
Commit	Line	Data
c4ad3d4f A	1	<?php
	2
	3	declare(strict_types=1);
	4
	5	namespace Shaarli\Front\Controller\Visitor;
	6
	7	use Shaarli\ApplicationUtils;
	8	use Shaarli\Bookmark\BookmarkFilter;
	9	use Shaarli\Container\ShaarliContainer;
	10	use Shaarli\Front\Exception\AlreadyInstalledException;
	11	use Shaarli\Front\Exception\ResourcePermissionException;
	12	use Shaarli\Languages;
	13	use Shaarli\Security\SessionManager;
	14	use Slim\Http\Request;
	15	use Slim\Http\Response;
	16
	17	/**
	18	* Slim controller used to render install page, and create initial configuration file.
	19	*/
	20	class InstallController extends ShaarliVisitorController
	21	{
	22	public const SESSION_TEST_KEY = 'session_tested';
	23	public const SESSION_TEST_VALUE = 'Working';
	24
	25	public function __construct(ShaarliContainer $container)
	26	{
	27	parent::__construct($container);
	28
	29	if (is_file($this->container->conf->getConfigFileExt())) {
	30	throw new AlreadyInstalledException();
	31	}
	32	}
	33
	34	/**
	35	* Display the install template page.
	36	* Also test file permissions and sessions beforehand.
	37	*/
	38	public function index(Request $request, Response $response): Response
	39	{
	40	// Before installation, we'll make sure that permissions are set properly, and sessions are working.
	41	$this->checkPermissions();
	42
	43	if (static::SESSION_TEST_VALUE
	44	!== $this->container->sessionManager->getSessionParameter(static::SESSION_TEST_KEY)
	45	) {
	46	$this->container->sessionManager->setSessionParameter(static::SESSION_TEST_KEY, static::SESSION_TEST_VALUE);
	47
	48	return $this->redirect($response, '/install/session-test');
	49	}
	50
	51	[$continents, $cities] = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get());
	52
	53	$this->assignView('continents', $continents);
	54	$this->assignView('cities', $cities);
	55	$this->assignView('languages', Languages::getAvailableLanguages());
	56
	57	return $response->write($this->render('install'));
	58	}
	59
	60	/**
	61	* Route checking that the session parameter has been properly saved between two distinct requests.
	62	* If the session parameter is preserved, redirect to install template page, otherwise displays error.
	63	*/
	64	public function sessionTest(Request $request, Response $response): Response
65	{
66	// This part makes sure sessions works correctly.
67	// (Because on some hosts, session.save_path may not be set correctly,
68	// or we may not have write access to it.)
69	if (static::SESSION_TEST_VALUE
70	!== $this->container->sessionManager->getSessionParameter(static::SESSION_TEST_KEY)
71	) {
72	// Step 2: Check if data in session is correct.
73	$msg = t(
74	'<pre>Sessions do not seem to work correctly on your server.<br>'.
75	'Make sure the variable "session.save_path" is set correctly in your PHP config, '.
76	'and that you have write access to it.<br>'.
77	'It currently points to %s.<br>'.
78	'On some browsers, accessing your server via a hostname like \'localhost\' '.
79	'or any custom hostname without a dot causes cookie storage to fail. '.
80	'We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>'
81	);
82	$msg = sprintf($msg, $this->container->sessionManager->getSavePath());
83
84	$this->assignView('message', $msg);
85
86	return $response->write($this->render('error'));
87	}
88
89	return $this->redirect($response, '/install');
90	}
91
92	/**
93	* Save installation form and initialize config file and datastore if necessary.
94	*/
95	public function save(Request $request, Response $response): Response
96	{
97	$timezone = 'UTC';
98	if (!empty($request->getParam('continent'))
99	&& !empty($request->getParam('city'))
100	&& isTimeZoneValid($request->getParam('continent'), $request->getParam('city'))
101	) {
102	$timezone = $request->getParam('continent') . '/' . $request->getParam('city');
103	}
104	$this->container->conf->set('general.timezone', $timezone);
105
106	$login = $request->getParam('setlogin');
107	$this->container->conf->set('credentials.login', $login);
108	$salt = sha1(uniqid('', true) .'_'. mt_rand());
109	$this->container->conf->set('credentials.salt', $salt);
110	$this->container->conf->set('credentials.hash', sha1($request->getParam('setpassword') . $login . $salt));
111
112	if (!empty($request->getParam('title'))) {
113	$this->container->conf->set('general.title', escape($request->getParam('title')));
114	} else {
115	$this->container->conf->set(
116	'general.title',
117	'Shared bookmarks on '.escape(index_url($this->container->environment))
118	);
119	}
120
121	$this->container->conf->set('translation.language', escape($request->getParam('language')));
122	$this->container->conf->set('updates.check_updates', !empty($request->getParam('updateCheck')));
123	$this->container->conf->set('api.enabled', !empty($request->getParam('enableApi')));
124	$this->container->conf->set(
125	'api.secret',
126	generate_api_secret(
127	$this->container->conf->get('credentials.login'),
128	$this->container->conf->get('credentials.salt')
129	)
130	);
3ee8351e	131	$this->container->conf->set('general.header_link', $this->container->basePath);
c4ad3d4f A	132
	133	try {
	134	// Everything is ok, let's create config file.
	135	$this->container->conf->write($this->container->loginManager->isLoggedIn());
	136	} catch (\Exception $e) {
3ee8351e A	137	$this->assignView('message', t('Error while writing config file after configuration update.'));
3ee8351e A	138	$this->assignView('stacktrace', $e->getMessage() . PHP_EOL . $e->getTraceAsString());
c4ad3d4f A	139
	140	return $response->write($this->render('error'));
	141	}
	142
	143	if ($this->container->bookmarkService->count(BookmarkFilter::$ALL) === 0) {
	144	$this->container->bookmarkService->initialize();
	145	}
	146
	147	$this->container->sessionManager->setSessionParameter(
	148	SessionManager::KEY_SUCCESS_MESSAGES,
	149	[t('Shaarli is now configured. Please login and start shaaring your bookmarks!')]
	150	);
	151
	152	return $this->redirect($response, '/');
	153	}
	154
	155	protected function checkPermissions(): bool
	156	{
	157	// Ensure Shaarli has proper access to its resources
	158	$errors = ApplicationUtils::checkResourcePermissions($this->container->conf);
c4ad3d4f A	159	if (empty($errors)) {
	160	return true;
	161	}
	162
3ee8351e	163	$message = t('Insufficient permissions:') . PHP_EOL;
c4ad3d4f	164	foreach ($errors as $error) {
3ee8351e	165	$message .= PHP_EOL . $error;
c4ad3d4f	166	}
c4ad3d4f A	167
	168	throw new ResourcePermissionException($message);
	169	}
	170	}